Sophos eXtensible Lists – a new way to fight spam

Sophos eXtensible Lists (SXL) is an online look-up system that dramatically accelerates the distribution of anti-spam intelligence, moving away from traditional scheduled updates to a real-time system that provides quicker response to new and emerging spam campaigns.  Sophos customers will receive this industry leading, rapid detection and deployment capability automatically.

Rather than requiring the anti-spam engine to rely solely on local data when checking messages for spam, SXL enables real-time access to a wider range of information.  It contains critical current and historical anti-spam intelligence such as IP addresses, URIs, message checksums, image and document fingerprints.  If the local anti-spam engine cannot conclusively determine if a message is spam, it can now reference the SXL database (using the DNS protocol) to check for any additional information that might be available from SophosLabs, but not yet downloaded.

As a hosted database service, SXL works in conjunction with Sophos’s email gateway solutions – Sophos Email Appliances and PureMessage for Exchange and UNIX – to provide a powerful security and control solution, providing access to a larger repository of anti-spam intelligence than possible on a system using only locally hosted data.   

The first time a Sophos anti-spam engine attempts to contact the SXL database, it queries all locations and automatically chooses the server that responds first. It then defaults to this location for up to ten minutes.  After ten minutes, the systems re-tests all locations to ensure that it always chooses the fastest-responding SXL server, ensuring it has the most up-to-date protection information rather than relying on random server connections which can cause lags in spam protection.